Identity Protection: Introduction to Azure Active Directory


Introduction

Talking about Microsoft 365 without talking about Azure Active Directory is meaningless, simply because Microsoft 365 relies on Azure Active Directory (AAD) for identity management.

In the first article of the series Identity Management & Protection, we at Networks Pioneers found that it is very important to understand Azure Active Directory (referred to below as AAD) before diving into how to secure user identity.

Please join us in this article and the next ones to discuss identity management and how to secure it.

What is Azure Active Directory?

Since the early days, identity management has been a crucial part of any IT system, as a centralized solution.

Linux and Unix systems mostly relied on the Lightweight Directory Access Protocol (LDAP) for identity management.

Microsoft developed its own on-premises identity management product, called Active Directory Domain Services (ADDS).

Later, cloud applications became more popular, which raised the need for centralized identity management for cloud applications, so Microsoft developed a cloud identity management service called Azure Active Directory (Azure AD).

Azure Active Directory (Azure AD) is Microsoft's next evolution of identity and access management solutions for the cloud.

Azure AD takes the ADDS approach to the next level by providing organizations with Identity as a Service (IDaaS).

Azure Active Directory (Azure AD) helps your employees sign in and access:

  • Cloud apps: such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • On-premises apps: such as apps on your corporate network and intranet.

[Screenshot: Azure AD for Pioneers101.onmicrosoft.com]

Azure AD vs Microsoft 365 vs Azure IaaS

Some people, when they hear "Azure AD", jump directly to Azure and forget the next words, Active Directory 🙂

We actually have to differentiate between Azure AD, Microsoft 365 and Azure IaaS.

Microsoft 365:

  • Software as a Service (SaaS).
  • You can use the applications without installing them on your computer.
  • But something still has to identify (authenticate) you before you can open your OWN files, and that is done by Azure AD.

Azure:

  • Infrastructure as a Service (IaaS).
  • You can build your servers without buying physical hardware or running a physical datacenter.
  • But something still has to identify (authenticate) you before you can run your servers, and that is done by Azure AD.

Azure Active Directory:

  • Centralized identity management, which is what we look at next in this article 🙂

Azure AD vs ADDS

OK ..

Now we know that Microsoft has two identity management solutions:

  • ADDS for the on-premises network (local environment)
  • Azure AD for cloud apps

Let us make a comparison between the two.

  1. Azure AD provides built-in roles with its role-based access control (RBAC) system, with limited support for creating custom roles to delegate privileged access to the identity system, while ADDS relies on domains, organizational units, and groups.
  2. Azure AD uses intelligent password protection for cloud and on-premises accounts: smart lockout plus blocking of common and custom password phrases and their character substitutions, while ADDS credentials are based on passwords, certificate authentication, and smartcard authentication.
  3. Azure AD uses conditional access (CA) to control which users get access to which apps under which conditions, while ADDS controls access through network services such as DNS, DHCP, IPsec, Wi-Fi, NPS, and VPN.
  4. SaaS apps supporting OAuth2, SAML, and WS are supported natively in Azure AD, while ADDS requires ADFS.
  5. Microsoft Intune is integrated with Azure AD to manage mobile devices, while ADDS needs a third-party solution.
  6. Windows devices can be joined to Azure AD, and conditional access can check whether a device is Azure AD joined as part of the authentication process, while ADDS uses GPO to manage local PCs.
  7. Security in the cloud is driven by identity, apps and devices, while ADDS uses a perimeter network to isolate data from users.
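Item 2 above mentions blocking custom password phrases and their substitutions. The following is an added example written for this article, not code from the page or from Microsoft. It models a simplified version of what a custom banned-password list does: it normalizes the candidate password (lower case, accents stripped, common substitutions such as @, 0 and $ undone), looks for banned phrases in it, and scores it with the rule Microsoft documents for Azure AD Password Protection (each banned phrase found scores one point, each remaining character one point, and at least five points are needed to accept). The banned phrase list, the substitution table and the sample passwords are constructed; the real service also applies its global banned list and fuzzy matching, which are not modelled here.

```python
"""Simplified model of a custom banned-password check with substitution normalization.

Added example, not Microsoft's code. It imitates the shape of Azure AD Password
Protection's custom banned-password list: normalize, find banned phrases, score.
"""
import unicodedata
from typing import List, Tuple

# Constructed sample of a tenant's custom banned phrases (organisation names etc.).
CUSTOM_BANNED = ["pioneers", "contoso", "summer", "password"]

# Common substitutions undone before matching, so "P@ssw0rd" is seen as "password".
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o", "1": "l",
    "!": "i", "3": "e", "7": "t", "+": "t", "|": "l",
})

MIN_SCORE = 5  # documented threshold: fewer than five points means reject


def normalize(password: str) -> str:
    """Lower-case, strip accents, and undo common letter substitutions."""
    folded = unicodedata.normalize("NFKD", password)
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    return folded.lower().translate(SUBSTITUTIONS)


def score(password: str, banned: List[str] = CUSTOM_BANNED) -> Tuple[int, List[str]]:
    """Return (points, banned phrases matched).

    Each banned phrase found in the normalized password counts one point and is
    removed; every character left over counts one point. Longer phrases are
    matched first so "contoso" is not consumed by a shorter overlapping phrase.
    """
    remainder = normalize(password)
    matched = []
    for phrase in sorted(banned, key=len, reverse=True):
        if phrase in remainder:
            matched.append(phrase)
            remainder = remainder.replace(phrase, "")
    return len(matched) + len(remainder), matched


def is_acceptable(password: str, banned: List[str] = CUSTOM_BANNED) -> bool:
    """True when the password reaches the minimum score."""
    points, _ = score(password, banned)
    return points >= MIN_SCORE


if __name__ == "__main__":
    # Constructed sample passwords: substitutions alone do not rescue a banned phrase.
    for pw in ["P@ssw0rd", "Pi0neers!", "Pi0neers2024!", "C0nt0so-$ummer", "Xq7!mLp#2"]:
        pts, hits = score(pw)
        verdict = "accept" if pts >= MIN_SCORE else "reject"
        print(f"{pw:16} -> {pts} points, banned hits {hits}, {verdict}")
```

Note that "Pi0neers2024!" still passes: once the banned phrase is removed, the five remaining characters reach the threshold. That is how the documented scoring behaves and is why a banned list complements, rather than replaces, length and MFA requirements.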

Single Sign-On (SSO)

What is single sign-on (SSO)?

SSO is an authentication method that enables users to securely authenticate with multiple applications and websites using just one set of credentials.

With single sign-on, users sign on once to access:

  • domain-joined devices,
  • company resources,
  • software as a service (SaaS) applications,
  • and web applications.

Without single sign-on, by contrast, users must remember application-specific passwords and log into each application individually.


How to configure SSO in Azure AD and ADDS?

To configure single sign-on:

  • Cloud applications use OpenID Connect, OAuth, SAML, password-based, linked, or disabled methods for single sign-on.
  • On-premises applications use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on.
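With the OpenID Connect method listed above, the application never sees the user's password: Azure AD authenticates the user and hands the app a signed ID token, and the app's job is to validate that token. The following is an added example written for this article, not code from the page or from Microsoft. It shows both sides of the exchange, the identity provider issuing a token and the relying party checking the signature, the issuer (in the form the Azure AD v2.0 endpoint uses, https://login.microsoftonline.com/{tenant-id}/v2.0), the tenant ID (tid), the audience (the app's own client ID) and the validity window. To run offline it signs with HS256 and a constructed shared secret; real Azure AD tokens are RS256-signed and the app fetches the public keys from the tenant's OpenID Connect metadata (JWKS) endpoint. The tenant ID, client ID, subject and user name are constructed values.

```python
"""Relying-party validation of an OpenID Connect ID token after single sign-on.

Added example, not Microsoft's code. HS256 with a constructed shared secret stands
in for Azure AD's RS256 signature so the script runs offline.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TENANT_ID = "11111111-2222-3333-4444-555555555555"   # constructed tenant ID
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # constructed: this app's registration
SECRET = b"constructed-demo-secret"                  # stand-in for the IdP signing key
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(claims: dict) -> str:
    """Identity provider side: sign header.payload and return the compact JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def validate_token(token: str, now: Optional[int] = None) -> dict:
    """Relying-party side: return the claims, or raise ValueError on any failed check."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm; the token must never choose it (rejects alg=none and friends).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("tid") != TENANT_ID:
        raise ValueError("wrong tenant")
    # aud must be this app: a token minted for another SaaS app is not ours to accept.
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token not yet valid or expired")
    return claims


def sample_claims(now: int, aud: str = CLIENT_ID) -> dict:
    """Constructed claim set in the shape of an Azure AD v2.0 ID token."""
    return {
        "iss": EXPECTED_ISSUER, "tid": TENANT_ID, "aud": aud,
        "sub": "constructed-subject-id",
        "preferred_username": "alice@pioneers101.onmicrosoft.com",
        "nbf": now - 60, "exp": now + 3600,
    }


if __name__ == "__main__":
    now = int(time.time())
    good = issue_token(sample_claims(now))
    print("accepted:", validate_token(good, now)["preferred_username"])
    # Same user, same tenant, but a token issued for a different app: must be rejected.
    other_app = issue_token(sample_claims(now, aud="ffffffff-0000-1111-2222-333333333333"))
    try:
        validate_token(other_app, now)
    except ValueError as err:
        print("rejected:", err)
```

The audience check is the one most often skipped in home-grown validators; without it, any application in the same tenant could replay a token it received against this one.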

AAD licenses and features

Like any Microsoft product, Azure AD is released in several tiers with different features and, of course, different prices.

Azure AD Free

    • Included in any Azure subscription
    • 500K object limit
    • No limit for Microsoft 365 applications
    • Maximum 10 SSO apps per user
    • MFA only for Office 365 services

Azure AD Premium 1 (referred to as AAD P1)

    • $6 per user per month
    • No limit on SSO apps
    • Conditional access on device/location
    • MFA for Microsoft 365 and on-premises services (hybrid)

Azure AD Premium 2 (referred to as AAD P2)

    • $9 per user per month
    • All features in AAD P1
    • Identity protection features: MFA, PIM, Conditional Access, and Azure AD Identity Protection

Be careful:

The Azure AD licensing model and prices are subject to change at any time.

So, what to do?

Simply keep checking the Azure AD price list: https://azure.microsoft.com/en-us/pricing/details/active-directory/

What to manage in Azure AD

Let us open the Azure portal and then Azure Active Directory to explore the inside.

Open https://portal.azure.com/ and provide your credentials as global admin for your tenant.

Azure AD provides us with the following:

[Screenshot: open the Azure portal, select Azure Active Directory]

The Manage section allows us to manage all aspects of the tenant, including but NOT limited to:

  • users
  • groups
  • external identities, such as Gmail users
  • administrative roles assigned to users
  • devices joined to AAD to meet security needs (fully detailed later)
  • assigned licenses
  • Azure AD Connect, which is used to connect the local Active Directory (ADDS) as a hybrid environment
  • and so many more features that will improve your administrative capabilities

[Screenshot: pioneers101 Azure Active Directory, section Manage]
[Screenshot: pioneers101 Azure Active Directory, section Monitoring]
[Screenshot: pioneers101 Azure Active Directory, section Support]

Conclusion

In this article we have got an overview of Azure AD.

In the next articles we will see how to protect identities in AAD with the most powerful protection tools.

Please join us there.
